Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

Automated Compliance Process Gains Favor

A survey by Courion finds that defining roles is the biggest barrier to adoption of user access provisioning.

Controlling user access on the network is the cornerstone of any enterprise compliance effort. Finally, it seems that resistance to automating this process is crumbling, with broad-scale adoption of automated user access provisioning within sight.

Almost two-thirds (65 percent) of companies surveyed by boutique access provisioning vendor Courion have either started implementing role-based access management or plan to do so within the next 18 months.

They have also started to get a grip on some of their thornier implementation issues. Forty percent said defining roles is the biggest technical hurdle to overcome, which is down from previous years, according to Courion CEO Chris Zannetos.

More than 50 percent of customers surveyed by the Framingham, Mass.-based company cited disabling access for non-employee users as the biggest access control issue they face.

That issue is especially acute for health care organizations, which are increasingly implementing portals to allow external users such as physicians, partners, patients and RHIOs (Regional Health Information Organizations) to access data from internal applications.

The survey, results of which will be released on June 11, was taken at Courions user conference in May. Lori Rowland, an analyst at The Burton Group, said that Courion customers and their concerns are fairly representative of the overall market.

"Now the market is maturing enough that we are starting to see customers in the midtier market show interest in provisioning," said Rowland. "Are we to a point where they are actually deploying? I dont think [its] mainstream. Weve crossed the chasm, but we are just over it," she added.

In Rowlands estimation, one of the barriers to adoption is the difficulty of implementing automated user access provisioning products, which can take "weeks if not months," she said.

Rowland also put her finger on adoption pain points. "There are three areas where people are trying to get a handle on control and compliance: role management, identity auditing and entitlement management," she said.

Indeed, Courions survey of 150 IT executives across a spectrum of functions found that the biggest barriers to getting off the ground with a provisioning project are role definition and prioritization of internal business processes. Compared with Courion survey results from previous years, that finding represents a shift away from justifying return on investment or worrying about the impact on existing infrastructure.

The survey also asked executives what had the greatest impact on compliance activities. Answers were spread out across three main areas: Twenty-eight percent said role management was the top identity management offering having the greatest impact on compliance activities, followed by identity audit at 26 percent and user provisioning at 25 percent.

"Weve seen with our leading customers that theres no single, silver bullet to achieve compliance with Sarbanes-Oxley Act, HIPAA [or other regulations] and achieve it in a way thats cost effective. Role management, provisioning alone or compliance [auditing] alone doesnt address it," said Zannetos.

Past surveys indicated that users had been focused on the "flavor of the month" answer to compliance issues, which had favored one approach over another, according to Zannetos. "This shows us theres a growing sophistication in how people approach user provisioning," he added.

Courion competes with large platform providers such as IBM, Sun Microsystems and Oracle.

/zimages/5/28571.gifCheck out eWEEK.coms for the latest news, views and analysis on servers, switches and networking protocols for the enterprise and small businesses.

By submitting your information, you agree that eweek.com may send you eWEEK offers via email, phone and text message, as well as email offers about other products and services that eWEEK believes may be of interest to you. eWEEK will process your information in accordance with the Quinstreet Privacy Policy.

We ran into a problem

We already have your email address on file. Please use the "Forgot your password?" link to create a password, validate your email and login.